Zoom, the video calling app that everyone is using, has serious security flaws

2020-04-01T12:36:26.363Z

Social distancing, compulsory teleworking and quarantine periods have triggered the use of video conferencing applications, and few have benefited as much as

Video calls.Houseparty denies a hack and assures that it is a smear campaign

Health: USA, Korea or Spain: how can localization be used to combat coronavirus?

Gadgets. Is your mobile slow? Try these tricks

Social distancing, compulsory teleworking and quarantine periods have triggered the use of video conferencing applications and few have been as benefited as Zoom, which has managed to become a very useful solution for companies and individuals due to the simplicity of its interface.

In recent weeks the use of this application has increased 67%. Small companies that were not used to teleworking and educational centers have found in it a free and very useful tool to maintain their activity. Zoom also has features that have proven to be especially useful during the pandemic, such as the ability to use virtual funds instead of showing the addresses of the background parties.

Created in 2011 by a company with the same name (and publicly traded since last year), the app allows up to 100 people to participate in a conference for up to 40 minutes. Paid customers can break these limits, with conferences of up to 1,000 participants and unlimited time.

So far so good. She seems like the perfect candidate for the situation we are experiencing. The problem is that now that it has become a widely used tool, several of the security issues have started to surface and not all of them have an easy solution.

The first is one of the most concerning. Zoom ensures that all your calls are end-to-end encrypted but it is only partially true. Although conversation chats are encrypted between participants, the encryption of video calls is not as secure: it is encrypted, but the company can access them.

Zoom has also admitted that an oversight in the design of the app allowed Facebook to know the user's private data. The app offered the option of identifying yourself through a Facebook account, a common option in many apps that facilitates the entry of new users, but that allows the social network to collect more data on user activity.

Zoom's problem is that even when users didn't identify themselves using this feature , some of the data could end up in the hands of Facebook. The company has corrected this ruling, but several affected users have started a class action lawsuit against the company.

A third problem is that last January the algorithm that generates the random codes that identify the calls is known, and that they serve to invite other participants. This has given rise to a phenomenon known as 'Zoombombing', in which one or more people sneak into conferences for which they have no invitation and fill the chat with pornographic or Nazi-themed images. There is a simple solution to the problem of adding a password to join the meeting, but not all organizers activate it.

Sudden interest in the tool has begun to worry certain sectors of the US government. New York State Attorney General Laetitia James has sent an official statement to the company to clarify what its privacy practices are and what steps it is taking to improve them, especially regarding the use of the tool by minors.

In the state of Virginia, several public schools that used the tool to continue classes electronically have decided to abandon the app. The U.S. Army it has also banned its use for official business. The app, however, remains a favorite of many work teams, even those who work with sensitive information. British Prime Minister Boris Johnson has used it, for example, in recent weeks to coordinate his cabinet to respond to the coronavirus crisis, even though his Defense Ministry advises against using it.